General
- Target: 0c903e996cfd8cf1d1e89a4f5f954a0f4a3211e3b6ffc54af6f7ebb719945dfd
- Size: 627KB
- Sample: 221125-vjabvsfa4t
- MD5: f72f0bd4740a5bf40302898abb26648e
- SHA1: a829f08134ccc32ea00b9169b2a0ad853e26f55d
- SHA256: 0c903e996cfd8cf1d1e89a4f5f954a0f4a3211e3b6ffc54af6f7ebb719945dfd
- SHA512: e4186448cecb97eddeafe25092b6654eef0e00743d39e1c4322c62eeb6b552fd16d274e7c9bc217791b414b14a29746cd261ad742a587e106f859b96e4f325b4
- SSDEEP: 12288:L0hcCkjICIT47WQCVq6duV5O1GFk6hl+0uTrAQQ132arcj/GVeWN/Wzj:YhuQIWQCYquTO0Fk6hc0uT43NycO

Static task: static1
Behavioral task: behavioral1
- Sample: 0c903e996cfd8cf1d1e89a4f5f954a0f4a3211e3b6ffc54af6f7ebb719945dfd.exe
- Resource: win7-20221111-en
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext